Evan Sultanik
```shell
$ cat flamegraph1
unix`_sys_sysenter_post_swapgs 1401
unix`_sys_sysenter_post_swapgs;genunix`close 5
unix`_sys_sysenter_post_swapgs;genunix`close;genunix`closeandsetf 85
unix`_sys_sysenter_post_swapgs;genunix`close;genunix`closeandsetf;c2audit`audit_closef 26
unix`_sys_sysenter_post_swapgs;genunix`close;genunix`closeandsetf;c2audit`audit_setf 5
unix`_sys_sysenter_post_swapgs;genunix`close;genunix`closeandsetf;genunix`audit_getstate 6
unix`_sys_sysenter_post_swapgs;genunix`close;genunix`closeandsetf;genunix`audit_unfalloc 2
unix`_sys_sysenter_post_swapgs;genunix`close;genunix`closeandsetf;genunix`closef 48
```

```shell
$ cat flamegraph2
unix`_sys_sysenter_post_swapgs 1402
unix`_sys_sysenter_post_swapgs;genunix`close 5
unix`_sys_sysenter_post_swapgs;genunix`close;genunix`closeandsetf...
```
Allow the user to specify a given epsilon of matching cost, and find a matching that is at most that epsilon from the cost of the optimal matching.
- [ ] Extend the it-depends API to associate vulnerabilities with packages
- [ ] Use [Google OSV](https://osv.dev/) as a data source to automatically assign vulnerabilities to packages
- [...
How does it-depends differ from Dependabot and Renovate? https://github.com/renovatebot/renovate

- Primarily CLI tool rather than CI bot
- Intended use case is for forensics, generating SBOMs, and comparing projects
-...
- [x] One example for each repo type supported
- [x] Add tests for each one
- [x] Run tests in CI
Do a best effort to match against [`cvedb`](https://github.com/trailofbits/cvedb).
Some package managers like `npm` are able to report on known security issues using their own vulnerability databases. Provide an internal API for having package classifiers report these alongside...